Merge remote-tracking branch 'parent/main' into upstream-20240109

spec/requests/api/v1/accounts/credentials_spec.rb

@@ -85,7 +85,7 @@ RSpec.describe 'credentials API' do
     end
 
     describe 'with invalid data' do
-      let(:params) { { note: 'This is too long. ' * 30 } }
+      let(:params) { { note: 'a' * 2 * Account::NOTE_LENGTH_LIMIT } }
 
       it 'returns http unprocessable entity' do
         subject

spec/requests/api/v1/accounts/notes_spec.rb

@@ -29,7 +29,7 @@ RSpec.describe 'Accounts Notes API' do
     end
 
     context 'when account note exceeds allowed length', :aggregate_failures do
-      let(:comment) { 'a' * 2_001 }
+      let(:comment) { 'a' * AccountNote::COMMENT_SIZE_LIMIT * 2 }
 
       it 'does not create account note' do
         subject

spec/requests/api/v1/admin/dimensions_spec.rb

@@ -3,7 +3,7 @@
 require 'rails_helper'
 
 RSpec.describe 'Admin Dimensions' do
-  let(:user)    { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
+  let(:user)    { Fabricate(:admin_user) }
   let(:token)   { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
   let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
   let(:account) { Fabricate(:account) }

spec/requests/api/v1/admin/measures_spec.rb

@@ -3,7 +3,7 @@
 require 'rails_helper'
 
 RSpec.describe 'Admin Measures' do
-  let(:user)    { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
+  let(:user)    { Fabricate(:admin_user) }
   let(:token)   { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
   let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
   let(:account) { Fabricate(:account) }

spec/requests/api/v1/admin/retention_spec.rb

@@ -3,7 +3,7 @@
 require 'rails_helper'
 
 RSpec.describe 'Admin Retention' do
-  let(:user)    { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
+  let(:user)    { Fabricate(:admin_user) }
   let(:token)   { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
   let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
   let(:account) { Fabricate(:account) }

spec/requests/api/v1/apps_spec.rb

@@ -122,7 +122,7 @@ RSpec.describe 'Apps' do
     end
 
     context 'with a too-long name' do
-      let(:client_name) { 'hoge' * 20 }
+      let(:client_name) { 'a' * Doorkeeper::Application::APP_NAME_LIMIT * 2 }
 
       it 'returns http unprocessable entity' do
         subject
@@ -134,7 +134,7 @@ RSpec.describe 'Apps' do
     end
 
     context 'with a too-long website' do
-      let(:website) { "https://foo.bar/#{'hoge' * 2_000}" }
+      let(:website) { "https://foo.bar/#{'a' * Doorkeeper::Application::APP_WEBSITE_LIMIT * 2}" }
 
       it 'returns http unprocessable entity' do
         subject
@@ -146,7 +146,7 @@ RSpec.describe 'Apps' do
     end
 
     context 'with a too-long redirect_uri' do
-      let(:redirect_uris) { "https://app.example/#{'hoge' * 2_000}" }
+      let(:redirect_uris) { "https://app.example/#{'a' * Doorkeeper::Application::APP_REDIRECT_URI_LIMIT * 2}" }
 
       it 'returns http unprocessable entity' do
         subject

spec/requests/api/v1/reports_spec.rb

@@ -13,7 +13,7 @@ RSpec.describe 'Reports' do
       post '/api/v1/reports', headers: headers, params: params
     end
 
-    let!(:admin)         { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
+    let!(:admin)         { Fabricate(:admin_user) }
     let(:status)         { Fabricate(:status) }
     let(:target_account) { status.account }
     let(:category)       { 'other' }

spec/requests/api/v2/media_spec.rb

@@ -33,7 +33,7 @@ RSpec.describe 'Media API', :attachment_processing do
       let(:params) do
         {
           file: fixture_file_upload('attachment-jpg.123456_abcd', 'image/jpeg'),
-          description: 'aa' * MediaAttachment::MAX_DESCRIPTION_LENGTH,
+          description: 'a' * MediaAttachment::MAX_DESCRIPTION_LENGTH * 2,
         }
       end
 

spec/requests/auth/challenges_spec.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Auth Challenges' do
+  let(:password) { 'foobar12345' }
+  let(:user) { Fabricate(:user, password: password) }
+
+  before { sign_in user }
+
+  describe 'POST #create' do
+    let(:return_to) { edit_user_registration_path }
+
+    context 'with correct password' do
+      it 'redirects back and sets challenge passed at in session' do
+        post '/auth/challenge', params: { form_challenge: { return_to: return_to, current_password: password } }
+
+        expect(response)
+          .to redirect_to(return_to)
+        expect(session[:challenge_passed_at])
+          .to_not be_nil
+      end
+    end
+
+    context 'with incorrect password' do
+      it 'renders challenge, displays error, does not set session' do
+        post '/auth/challenge', params: { form_challenge: { return_to: return_to, current_password: 'hhfggjjd562' } }
+
+        expect(response.body)
+          .to include(I18n.t('challenge.prompt'))
+          .and include('Invalid password')
+        expect(session[:challenge_passed_at])
+          .to be_nil
+      end
+    end
+  end
+end

spec/requests/cache_spec.rb

@@ -10,6 +10,7 @@ module TestEndpoints
     /.well-known/nodeinfo
     /nodeinfo/2.0
     /manifest
+    /css/custom-1a2s3d4f.css
     /custom.css
     /actor
     /api/v1/instance/extended_description
@@ -172,7 +173,7 @@ RSpec.describe 'Caching behavior' do
 
   before_all do
     alice = Fabricate(:account, username: 'alice')
-    user = Fabricate(:user, email: 'user@host.example', role: UserRole.find_by(name: 'Moderator'))
+    user = Fabricate(:moderator_user, email: 'user@host.example')
     status = Fabricate(:status, account: alice, id: 110_224_538_612_341_312)
     Fabricate(:status, account: alice, id: 110_224_538_643_211_312, visibility: :private)
     Fabricate(:invite, code: 'abcdef')

spec/requests/custom_css_spec.rb

@@ -5,10 +5,10 @@ require 'rails_helper'
 RSpec.describe 'Custom CSS' do
   include RoutingHelper
 
-  describe 'GET /custom.css' do
+  describe 'GET /css/:id.css' do
     context 'without any CSS or User Roles' do
       it 'returns empty stylesheet' do
-        get '/custom.css'
+        get '/css/custom-123.css'
 
         expect(response)
           .to have_http_status(200)
@@ -27,7 +27,7 @@ RSpec.describe 'Custom CSS' do
       end
 
       it 'returns stylesheet from settings' do
-        get '/custom.css'
+        get '/css/custom-456.css'
 
         expect(response)
           .to have_http_status(200)
@@ -45,34 +45,5 @@ RSpec.describe 'Custom CSS' do
         CSS
       end
     end
-
-    context 'with highlighted colored UserRole records' do
-      before do
-        _highlighted_colored = Fabricate :user_role, highlighted: true, color: '#336699', id: '123_123_123'
-        _highlighted_no_color = Fabricate :user_role, highlighted: true, color: ''
-        _no_highlight_with_color = Fabricate :user_role, highlighted: false, color: ''
-      end
-
-      it 'returns stylesheet from settings' do
-        get '/custom.css'
-
-        expect(response)
-          .to have_http_status(200)
-          .and have_cacheable_headers
-          .and have_attributes(
-            content_type: match('text/css')
-          )
-        expect(response.body.strip)
-          .to eq(expected_css)
-      end
-
-      def expected_css
-        <<~CSS.strip
-          .user-role-123123123 {
-            --user-role-accent: #336699;
-          }
-        CSS
-      end
-    end
   end
 end

spec/requests/settings/migrations_spec.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Settings Migrations' do
+  describe 'GET #show' do
+    context 'when user is not signed in' do
+      subject { get '/settings/migration' }
+
+      it { is_expected.to redirect_to new_user_session_path }
+    end
+  end
+
+  describe 'POST #create' do
+    context 'when user is not signed in' do
+      subject { post '/settings/migration' }
+
+      it { is_expected.to redirect_to new_user_session_path }
+    end
+  end
+end